On Fri, 2005-01-28 at 13:12, Stephen Smalley wrote: > I think that the allow_execmod boolean only allows execmod permission to > files labeled with the new texrel_shlib_t type. Or at least that is > what it should do. Any existing occurrences of execmod permission in > the policy should be changed to use texrel_shlib_t now that it is > defined, and then any DSOs that require it should be relabeled to that > type. We should also wrap occurrences of execmem with a boolean, but a separate one than the execmod rules. Might also want multiple booleans, e.g. to allow certain programs without allowing all others. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
